S0183 Tor

Tor is a software suite and network that provides increased anonymity on the Internet. It creates a multi-hop proxy network and utilizes multilayer encryption to protect both the message and routing information. Tor utilizes “Onion Routing,” in which messages are encrypted with multiple layers of encryption; at each step in the proxy network, the topmost layer is decrypted and the contents forwarded on to the next node until it reaches its destination. [1]

| Item | Value |
| --- | --- |
| ID | S0183 |
| Associated Names | |
| Version | 1.1 |
| Created | 16 January 2018 |
| Last Modified | 13 May 2020 |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1573 | Encrypted Channel | - |
| enterprise | T1573.002 | Asymmetric Cryptography | Tor encapsulates traffic in multiple layers of encryption, using TLS by default. [1] |
| enterprise | T1090 | Proxy | - |
| enterprise | T1090.003 | Multi-hop Proxy | Traffic traversing the Tor network will be forwarded to multiple nodes before exiting the Tor network and continuing on to its intended destination. [1] |

Groups That Use This Software

| ID | Name | References |
| --- | --- | --- |
| G0016 | APT29 | [2] |
| G0065 | Leviathan | [3] |
| G0132 | CostaRicto | [4] |
| G0007 | APT28 | [5] |


